[c-nsp] Network monitoring / NMS software
I know this question comes up from time to time and I’ve myself asked it before but it was a while ago and some recent googling seems to indicate the landscape has changed a lot. I’m looking for recommendations for monitoring software. Basic alerting, SNMP polling, trap handling, reporting, auto discovery and the other general features. Server monitoring would be a nice plus or at least a method of adding on that functionality. Open NMS is grabbing my interest so far but I’m wondering about commercial packages and the advantages of having a vendor to call on especially considering we’re a small startup operation so far. Wonder what people are using, what open source or commercial platforms have you tried? The only real requirement I have in terms of environment is that the platform runs under Linux and not windows only. We’re a non windows shop so can’t and won’t install a single instance of Windows server just to run monitoring. Any pointers and advice folks have would be greatly appreciated. Also anyone using open NMS specifically who has any real world experience and comments would be appreciated but I’m interested in anything being used and your opinions. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Network monitoring / NMS software
Looking pretty good in the demo. Must get hands on . Will surely update on this. Regards Vijay A. On Jul 9, 2015 10:30 PM, chip chip.g...@gmail.com wrote: http://www.librenms.org/ is looking pretty good these days. Doesn't do traps that I'm aware of though. It's pretty good for most networking gear. On Thu, Jul 9, 2015 at 12:51 PM, Scott Granados sc...@granados-llc.net wrote: I know this question comes up from time to time and I’ve myself asked it before but it was a while ago and some recent googling seems to indicate the landscape has changed a lot. I’m looking for recommendations for monitoring software. Basic alerting, SNMP polling, trap handling, reporting, auto discovery and the other general features. Server monitoring would be a nice plus or at least a method of adding on that functionality. Open NMS is grabbing my interest so far but I’m wondering about commercial packages and the advantages of having a vendor to call on especially considering we’re a small startup operation so far. Wonder what people are using, what open source or commercial platforms have you tried? The only real requirement I have in terms of environment is that the platform runs under Linux and not windows only. We’re a non windows shop so can’t and won’t install a single instance of Windows server just to run monitoring. Any pointers and advice folks have would be greatly appreciated. Also anyone using open NMS specifically who has any real world experience and comments would be appreciated but I’m interested in anything being used and your opinions. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Just my $.02, your mileage may vary, batteries not included, etc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Network monitoring / NMS software
i just went through this, trying to see if i wanted to move away from zenoss as the new zenoss 5 is a devops created nightmare. in the end i decided that zenoss 4.2.5 is what still makes the most sense. i don't know if it will get any more updates, but it does a decent job of all the things i want. On 07/09/2015 09:51 AM, Scott Granados wrote: I know this question comes up from time to time and I’ve myself asked it before but it was a while ago and some recent googling seems to indicate the landscape has changed a lot. I’m looking for recommendations for monitoring software. Basic alerting, SNMP polling, trap handling, reporting, auto discovery and the other general features. Server monitoring would be a nice plus or at least a method of adding on that functionality. Open NMS is grabbing my interest so far but I’m wondering about commercial packages and the advantages of having a vendor to call on especially considering we’re a small startup operation so far. Wonder what people are using, what open source or commercial platforms have you tried? The only real requirement I have in terms of environment is that the platform runs under Linux and not windows only. We’re a non windows shop so can’t and won’t install a single instance of Windows server just to run monitoring. Any pointers and advice folks have would be greatly appreciated. Also anyone using open NMS specifically who has any real world experience and comments would be appreciated but I’m interested in anything being used and your opinions. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Network monitoring / NMS software
http://www.librenms.org/ is looking pretty good these days. Doesn't do traps that I'm aware of though. It's pretty good for most networking gear. On Thu, Jul 9, 2015 at 12:51 PM, Scott Granados sc...@granados-llc.net wrote: I know this question comes up from time to time and I’ve myself asked it before but it was a while ago and some recent googling seems to indicate the landscape has changed a lot. I’m looking for recommendations for monitoring software. Basic alerting, SNMP polling, trap handling, reporting, auto discovery and the other general features. Server monitoring would be a nice plus or at least a method of adding on that functionality. Open NMS is grabbing my interest so far but I’m wondering about commercial packages and the advantages of having a vendor to call on especially considering we’re a small startup operation so far. Wonder what people are using, what open source or commercial platforms have you tried? The only real requirement I have in terms of environment is that the platform runs under Linux and not windows only. We’re a non windows shop so can’t and won’t install a single instance of Windows server just to run monitoring. Any pointers and advice folks have would be greatly appreciated. Also anyone using open NMS specifically who has any real world experience and comments would be appreciated but I’m interested in anything being used and your opinions. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Just my $.02, your mileage may vary, batteries not included, etc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Network monitoring / NMS software
Try the Ubuntu Image which is all pre-configured, saves lots of time. I am using it under a CentOS KVM installation. Once you are logged in then go to /opt/librenms and issue 'git pull' to get the latest updates. The only caveats you might come across is the size of disk space which is 10GB at the moment, but of course this can be expanded later. Cheers -Azher On 7/9/2015 10:07 AM, Vijay S wrote: Looking pretty good in the demo. Must get hands on . Will surely update on this. Regards Vijay A. On Jul 9, 2015 10:30 PM, chip chip.g...@gmail.com wrote: http://www.librenms.org/ is looking pretty good these days. Doesn't do traps that I'm aware of though. It's pretty good for most networking gear. On Thu, Jul 9, 2015 at 12:51 PM, Scott Granados sc...@granados-llc.net wrote: I know this question comes up from time to time and I’ve myself asked it before but it was a while ago and some recent googling seems to indicate the landscape has changed a lot. I’m looking for recommendations for monitoring software. Basic alerting, SNMP polling, trap handling, reporting, auto discovery and the other general features. Server monitoring would be a nice plus or at least a method of adding on that functionality. Open NMS is grabbing my interest so far but I’m wondering about commercial packages and the advantages of having a vendor to call on especially considering we’re a small startup operation so far. Wonder what people are using, what open source or commercial platforms have you tried? The only real requirement I have in terms of environment is that the platform runs under Linux and not windows only. We’re a non windows shop so can’t and won’t install a single instance of Windows server just to run monitoring. Any pointers and advice folks have would be greatly appreciated. Also anyone using open NMS specifically who has any real world experience and comments would be appreciated but I’m interested in anything being used and your opinions. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Just my $.02, your mileage may vary, batteries not included, etc ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Cisco Security Advisory: Multiple Vulnerabilities in Cisco ASA Software
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Multiple Vulnerabilities in Cisco ASA Software Advisory ID: cisco-sa-20141008-asa http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa Revision 3.0 Last Updated 2015 July 8 21:04 UTC (GMT) For Public Release 2014 October 8 16:00 UTC (GMT) +- Summary === Cisco Adaptive Security Appliance (ASA) Software is affected by the following vulnerabilities: Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability Cisco ASA VPN Denial of Service Vulnerability Cisco ASA IKEv2 Denial of Service Vulnerability Cisco ASA Health and Performance Monitor Denial of Service Vulnerability Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability Cisco ASA DNS Inspection Engine Denial of Service Vulnerability Cisco ASA VPN Failover Command Injection Vulnerability Cisco ASA VNMC Command Input Validation Vulnerability Cisco ASA Local Path Inclusion Vulnerability Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability These vulnerabilities are independent of one another; a release that is affected by one of the vulnerabilities may not be affected by the others. Successful exploitation of the Cisco ASA SQL*NET Inspection Engine Denial of Service Vulnerability, Cisco ASA VPN Denial of Service Vulnerability, Cisco ASA IKEv2 Denial of Service Vulnerability, Cisco ASA Health and Performance Monitor Denial of Service Vulnerability, Cisco ASA GPRS Tunneling Protocol Inspection Engine Denial of Service Vulnerability, Cisco ASA SunRPC Inspection Engine Denial of Service Vulnerability, and Cisco ASA DNS Inspection Engine Denial of Service Vulnerability may result in a reload of an affected device, leading to a denial of service (DoS) condition. Successful exploitation of the Cisco ASA VPN Failover Command Injection Vulnerability, Cisco ASA VNMC Command Input Validation Vulnerability, and Cisco ASA Local Path Inclusion Vulnerability may result in full compromise of the affected system. Successful exploitation of the Cisco ASA Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability may result in the disclosure of internal information or, in some cases, a reload of the affected system. Successful exploitation of the Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability may result in a compromise of the Clientless SSL VPN portal, which may lead to several types of attacks, which are not limited to cross-site scripting (XSS), stealing of credentials, or redirects of users to malicious web pages. Successful exploitation of the Cisco ASA Smart Call Home Digital Certificate Validation Vulnerability may result in a digital certificate validation bypass, which could allow the attacker to bypass digital certificate authentication and gain access inside the network via remote access VPN or management access to the affected system via the Cisco Adaptive Security Device Management (ASDM). 2015-July-08 UPDATE: Cisco PSIRT is aware of disruption to some Cisco customers with Cisco ASA devices affected by CVE-2014-3383, the Cisco ASA VPN Denial of Service Vulnerability that was disclosed in this Security Advisory. Traffic causing the disruption was isolated to a specific source IPv4 address. Cisco has engaged the provider and owner of that device and determined that the traffic was sent with no malicious intent. Cisco strongly recommends that customers upgrade to a fixed Cisco ASA software release to remediate this issue. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141008-asa -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.22 (Darwin) Comment: GPGTools - https://gpgtools.org iQIcBAEBCgAGBQJVnjTyAAoJEIpI1I6i1Mx3RjwP/RvUACR95bYhiGShkRFed7SP wDEL7WNBor2EI58IlgEiyHeWgngheD2NreZ2VC7VdVETKFLPauvdZElNuz5r/Uy+ 06BkkE3w9Y/LVKbytUfCtCA+rH426M9AyX0oiG7PvYGsYmADIPri+H/Y3O6jKZjO 0pPW3hxiaDaiYTGvFwMsOSzcVLGJnJIn2+ikBCnwXrdrgSB0OGNmXwVxdNFeo6Qs qTGW5975HzSI4llgLANS2uYFysPu113xLUXs6qzjV9to3KBWD2fz0/shrSuNaqi3 0saMjeRsNCoMbqKIlSRDzb4w3IezyI5Dh+lk5QFEoGFfuWMmozAx8is8ydTTuY31 VMoKa5P9Xma5vJi/q8Artjisowjt22NQujgf6BcatZcVAOmMgF6X4ZJylzK9IqFi A15CPIWNLf60CQU4qJAjWc9ehPdnbVG96jdx7cOMX+9OODZS3DYX+X0WvjH3xzlK S3oDi50VMxBBn+BfzRYgH/Hr3llHyArLxM7NWzGvG6hPunuzuBNcZay64mtirc8p v4bO8if+MqCRSOTB7CnpJNRtoJyWEODAQfjv+KOlQGuLU5NDNKcByZN37V3kxvkP
Re: [c-nsp] ME3600X mLDP
Thanks Mark for clearing that up. Not the answer that I wanted in regards to the ME3600X as I have some already. Great to see the ASR920 is going well as I will be getting some. Cheers Ivan On 9 July 2015 at 22:44, Mark Tinka mark.ti...@seacom.mu wrote: On 9/Jul/15 03:36, Ivan wrote: I am hoping someone can confirm if the Cisco ME3600X and ME3800X support mLDP. Some older emails to this list suggest this feature was expected in 2013. Looking at the Software Research tool some IOS versions show up as having MLDP-Based MVPN Multicast. I have tried few versions but can't get capabilities P2MP, MP2MP. mLDP is not supported on the ME3600X, and will never. It is, however, supported on the ASR920. Tested and works like a charm. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ME3600X mLDP
On 9/Jul/15 13:11, Ivan Walker wrote: Thanks Mark for clearing that up. Not the answer that I wanted in regards to the ME3600X as I have some already. Great to see the ASR920 is going well as I will be getting some. Agree - start buying the ASR920 for new deployments. The ME3600X is still a great box. Just no new developments coming to it. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ME3600X mLDP
On 9/Jul/15 03:36, Ivan wrote: I am hoping someone can confirm if the Cisco ME3600X and ME3800X support mLDP. Some older emails to this list suggest this feature was expected in 2013. Looking at the Software Research tool some IOS versions show up as having MLDP-Based MVPN Multicast. I have tried few versions but can't get capabilities P2MP, MP2MP. mLDP is not supported on the ME3600X, and will never. It is, however, supported on the ASR920. Tested and works like a charm. Mark. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR1K - Aggregate QoS Across subinterfaces?
Hi Mitch, If I understand what you are asking aggregate class may but what you are looking for. The keyword is fragment in the qos docs Create aggregate shaper policy-map aggregate-member-link class BestEffort-class service-fragment BestEffort-fragment shape average 2000 and associate your parent class like this with your child class for policy-map parent class class-default fragment BestEffort-fragment shape average 500 service-policy child It's got some limitations but may be what you need. Brian Brian Turnbow Network Manager TWT S.p.A. -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mitch Dyer Sent: giovedì 9 luglio 2015 02:51 To: cisco-nsp@puck.nether.net Subject: [c-nsp] ASR1K - Aggregate QoS Across subinterfaces? Hello Everyone, I apologize if this post is either off-topic or inappropriate, first time posting. We have a 1Gb circuit from a local carrier that aggregates circuits from several of our customers. Each customer gets handed to us with a separate dot1q tag. I'm looking to queue/police that traffic but am having trouble coming up with the appropriate strategy to do so across the two services we are looking to provide. The first service can be described as transit at a CIR while preserving voice markings to an upstream SIP provider that we peer with. The second service leverages MPLS L3VPNs to provide access to an IaaS service we provide, along with some other centralized services we host and/or peer with. We're terminating this aggregated circuit on an ASR1002X. The transit customers seem pretty straight forward, at each sub interface have a parent policy that polices/shapes to the agreed upon CIR and then a child policy which handles individual classes of traffic. The L3VPN service seems to be a bit trickier as it's been sold as an aggregated service and doesn't have a specific CIR associated with each customer. Is there a way to shape/queue the L3VPN customers as an aggregate of whatever resources are available? A colleague suggested H-QoS but I've had a hard time distinguishing between it and the MQC documentation for the ASR1000 series. Any help would be greatly appreciated. Thanks, Mitch ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Shaping pseudowire on ME3600-ME3600 (L2)
Wow - Ok, thanks for the heads up...under what circumstances would this be needed? (i.e Is it documented anywhere on Cisco's site?) From: George Giannousopoulos ggian...@gmail.com Sent: Thursday, 9 July 2015 3:38 PM To: CiscoNSP List Cc: Nick Hilliard; cisco-nsp Subject: Re: [c-nsp] Shaping pseudowire on ME3600-ME3600 (L2) Hi, In some certain cases you are not allowed to apply a policy-map which includes *only* class-default To workaround the issue you have to add a dummy class like the following example class-map match-any dummy match qos-group 99 policy-map 50M-OUTPUT-POLICY class dummy class class-default shape average 5000 queue-limit 2000 packets Just make sure you don't match anything useful in the dummy class-map :-) On Wed, Jul 8, 2015 at 11:54 PM, CiscoNSP List cisconsp_l...@hotmail.commailto:cisconsp_l...@hotmail.com wrote: It works but you may need to include a dummy class, besides the class-default, in your policy map.. Thanks George - Can you please elaborate on the dummy class? i.e. what additional class may I need to add to policy-map (And for what reason?) Cheers. -- George On Wed, Jul 8, 2015 at 5:24 PM, Nick Hilliard n...@foobar.orgmailto:n...@foobar.org wrote: On 08/07/2015 01:15, CiscoNSP List wrote: Question (As I dont have a pair of 3600's handy that I can test on until later in the week), but can you shape a L2 x-connect? yes, it works as expected. Nick ___ cisco-nsp mailing list cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.netmailto:cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Shaping pseudowire on ME3600-ME3600 (L2)
Hi, Yes you can shape under the service instance configured with xconnect If I recall correctly pure shaping can be done at parent level but priority and cbwfq has to be done at child level. policy-map vpn1_voice_child_out class voip_vpn1 police cir 64000 conform-action transmit exceed-action drop priority level 1 class class-default policy-map vpn1_voice_parent_out class class-default shape average 1024000 service-policy vpn1_voice_child_out adam -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of CiscoNSP List Sent: 08 July 2015 01:16 To: cisco-nsp@puck.nether.net Subject: [c-nsp] Shaping pseudowire on ME3600-ME3600 (L2) Hi Everyone, Question (As I dont have a pair of 3600's handy that I can test on until later in the week), but can you shape a L2 x-connect? (I assume you can, as Ive done it with service instance for a VRF, but not for a L2 service?) i.e. policy-map 20M class class-default shape average 2000 int foo service instance 204 ethernet description PW_TEST_L2_SHAPE encapsulation dot1q 204 rewrite ingress tag pop 1 symmetric xconnect xxx.xxx.xxx.xxx 1403241631 encapsulation mpls service-policy output 20Mb Cheers. ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ASR9K VPLS Autodiscovery
Hi Mohammad, Have you tried enabling ''prefix-length-size 2'' on the 7613 either under the ''neighbour'' or under the '' address-family l2vpn vpls'' please? The BGP session should stay up then. Full description: http://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-1/lxvpn/configuration/guide/vc41crs/vc41vpls.html#pgfId-1331672 adam -Original Message- From: cisco-nsp [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Mohammad Khalil Sent: 02 July 2015 09:29 To: cisco-nsp@puck.nether.net Subject: [c-nsp] ASR9K VPLS Autodiscovery Hi all I am trying to establish VPLS between ASR9K and 7613 We have configured manual connection and it worked fine I have tried autodiscovery but never went up , is there any restriction ? Thanks ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] Nexus EVC
Can anyone confirm if this setup is supported: Nexus 7k, 6.2(12), M2 module: interface Ethernet2/1 mtu 9216 no shutdown service instance 1 ethernet encapsulation dot1q 6 no shutdown service instance 2 ethernet encapsulation dot1q 5 no shutdown interface Ethernet2/1.7 mtu 9216 encapsulation dot1q 7 no ip redirects ip address x.y/30 no shutdown The config is allowed but I wasn’t clear from reading the docs if you could do a subint along with evc or if you needed to use an svi with a bridge group Thanks, Jay ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] Network monitoring / NMS software
Give Observium a try, http://www.observium.org/. It has always worked fine for me. It doesn't do traps though. Btw, LibreNMS is a fork of Observium. On 2015-07-09 09:51, Scott Granados wrote: I know this question comes up from time to time and I’ve myself asked it before but it was a while ago and some recent googling seems to indicate the landscape has changed a lot. I’m looking for recommendations for monitoring software. Basic alerting, SNMP polling, trap handling, reporting, auto discovery and the other general features. Server monitoring would be a nice plus or at least a method of adding on that functionality. Open NMS is grabbing my interest so far but I’m wondering about commercial packages and the advantages of having a vendor to call on especially considering we’re a small startup operation so far. Wonder what people are using, what open source or commercial platforms have you tried? The only real requirement I have in terms of environment is that the platform runs under Linux and not windows only. We’re a non windows shop so can’t and won’t install a single instance of Windows server just to run monitoring. Any pointers and advice folks have would be greatly appreciated. Also anyone using open NMS specifically who has any real world experience and comments would be appreciated but I’m interested in anything being used and your opinions. Thanks Scott ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] ios vs ios-xe: interrface config rate-limit
Hi, I have an ASR1000 running IOS-XE 3.10.5S configured to terminate PPPoE sessions. It is going to be the upgrade/replacement for a 7201 running 12.2(33)-SRE7. I have discovered that there doesn't seem to be feature pairity between these which prevents some of my account profiles from working properly. Chief among these is that I have rate limiting in my subscriber radius profiles and it looks like this: Cisco-AVPair += lcp:interface-config=rate-limit input 100 18750 37500 conform-action transmit exceed-action drop Cisco-AVPair += lcp:interface-config=rate-limit output 600 1125000 225 conform-action transmit exceed-action drop This establishes a 6mbps download and 1mbps upload speed for that particular user profile, and works like a charm on the 7201. But when I try to establish a PPPoE session on the ASR, under debug, I see that 'rate-limit' is being rejected by the cisco parser and the session doesn't come up because of the errors. So apparently 'rate-limit' isn't a command I can apply to interfaces under IOS-XE. So, question - How do I establish rate limits for PPPoE users under IOS-XE? I haven't seen a good explanation of how it's supposed to work. The cisco documentation talks around the general issue but doesn't actually present a working example and I'm lost. Help! Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] ios vs ios-xe: interrface config rate-limit
Hi Mike, You can apply a policy map (which contains a shaper or rate-limiter) in each direction: Cisco-AVPair += ip:sub-qos-policy-in=10Mbps-rate-limit Cisco-AVPair += ip:sub-qos-policy-out=10Mbps-rate-limit policy-map 10Mbps-rate-limit class class-default police 1024 192 384 conform-action transmit exceed-action drop Hope that's useful, Andrew On 10.07.2015 10:21, Mike wrote: Hi, I have an ASR1000 running IOS-XE 3.10.5S configured to terminate PPPoE sessions. It is going to be the upgrade/replacement for a 7201 running 12.2(33)-SRE7. I have discovered that there doesn't seem to be feature pairity between these which prevents some of my account profiles from working properly. Chief among these is that I have rate limiting in my subscriber radius profiles and it looks like this: Cisco-AVPair += lcp:interface-config=rate-limit input 100 18750 37500 conform-action transmit exceed-action drop Cisco-AVPair += lcp:interface-config=rate-limit output 600 1125000 225 conform-action transmit exceed-action drop This establishes a 6mbps download and 1mbps upload speed for that particular user profile, and works like a charm on the 7201. But when I try to establish a PPPoE session on the ASR, under debug, I see that 'rate-limit' is being rejected by the cisco parser and the session doesn't come up because of the errors. So apparently 'rate-limit' isn't a command I can apply to interfaces under IOS-XE. So, question - How do I establish rate limits for PPPoE users under IOS-XE? I haven't seen a good explanation of how it's supposed to work. The cisco documentation talks around the general issue but doesn't actually present a working example and I'm lost. Help! Mike- ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/